diff options
author | Andreas.Eversberg <jolly@eversberg.eu> | 2010-09-27 19:46:26 +0000 |
---|---|---|
committer | Andreas.Eversberg <jolly@eversberg.eu> | 2010-09-27 19:46:26 +0000 |
commit | bd9cc54ad6ec7750c383995c36677abe66e6f601 (patch) | |
tree | 15351e15710b4ff18531d68cfd6e1f99a4b65c29 /src/host/layer23/src/mobile/gsm48_rr.c | |
parent | 86c1392af95786f4134cc7f84335894ed601e0a5 (diff) |
[layer23] Fixed parsing of ASSIGNMENT / HANDOVER (type-value) IEs
Diffstat (limited to 'src/host/layer23/src/mobile/gsm48_rr.c')
-rw-r--r-- | src/host/layer23/src/mobile/gsm48_rr.c | 42 |
1 files changed, 26 insertions, 16 deletions
diff --git a/src/host/layer23/src/mobile/gsm48_rr.c b/src/host/layer23/src/mobile/gsm48_rr.c index 3e2f3d4c..1b36717b 100644 --- a/src/host/layer23/src/mobile/gsm48_rr.c +++ b/src/host/layer23/src/mobile/gsm48_rr.c @@ -3941,16 +3941,18 @@ static int gsm48_rr_rx_ass_cmd(struct osmocom_ms *ms, struct msgb *msg) memcpy(&cdb->freq_list_lv, lv, *lv + 1); } else if (TLVP_PRESENT(&tp, GSM48_IE_F_CH_SEQ_BEFORE)) { - const uint8_t *lv = - TLVP_VAL(&tp, GSM48_IE_F_CH_SEQ_BEFORE) - 1; + const uint8_t *v = + TLVP_VAL(&tp, GSM48_IE_F_CH_SEQ_BEFORE); + uint8_t len = TLVP_LEN(&tp, GSM48_IE_F_CH_SEQ_BEFORE); LOGP(DRR, LOGL_INFO, " before: hopping required and " "frequency channel sequence available\n"); - if (*lv + 1 > sizeof(cdb->freq_seq_lv)) { + if (len + 1 > sizeof(cdb->freq_seq_lv)) { LOGP(DRR, LOGL_ERROR, "Error: no LV space!\n"); return -ENOMEM; } - memcpy(&cdb->freq_seq_lv, lv, *lv + 1); + cdb->freq_seq_lv[0] = len; + memcpy(&cdb->freq_seq_lv + 1, v, len); } else if (cda->mob_alloc_lv[0]) { LOGP(DRR, LOGL_INFO, " before: hopping required and " @@ -3973,16 +3975,19 @@ static int gsm48_rr_rx_ass_cmd(struct osmocom_ms *ms, struct msgb *msg) /* cell channel description */ if (TLVP_PRESENT(&tp, GSM48_IE_CELL_CH_DESC)) { - const uint8_t *lv = TLVP_VAL(&tp, GSM48_IE_CELL_CH_DESC) - 1; + const uint8_t *v = TLVP_VAL(&tp, GSM48_IE_CELL_CH_DESC); + uint8_t len = TLVP_LEN(&tp, GSM48_IE_CELL_CH_DESC); LOGP(DRR, LOGL_INFO, " both: using cell channel description " "in case of mobile allocation\n"); - if (*lv + 1 > sizeof(cdb->cell_desc_lv)) { + if (len + 1 > sizeof(cdb->cell_desc_lv)) { LOGP(DRR, LOGL_ERROR, "Error: no LV space!\n"); return -ENOMEM; } - memcpy(&cdb->cell_desc_lv, lv, *lv + 1); - memcpy(&cda->cell_desc_lv, lv, *lv + 1); + cdb->cell_desc_lv[0] = len; + memcpy(&cdb->cell_desc_lv + 1, v, len); + cda->cell_desc_lv[0] = len; + memcpy(&cda->cell_desc_lv + 1, v, len); } else { /* keep old */ memcpy(&cdb->cell_desc_lv, &rr->cd_now.cell_desc_lv, @@ -4316,16 +4321,18 @@ static int gsm48_rr_rx_hando_cmd(struct osmocom_ms *ms, struct msgb *msg) memcpy(&cdb->freq_list_lv, lv, *lv + 1); } else if (TLVP_PRESENT(&tp, GSM48_IE_F_CH_SEQ_BEFORE)) { - const uint8_t *lv = - TLVP_VAL(&tp, GSM48_IE_F_CH_SEQ_BEFORE) - 1; + const uint8_t *v = + TLVP_VAL(&tp, GSM48_IE_F_CH_SEQ_BEFORE); + uint8_t len = TLVP_LEN(&tp, GSM48_IE_F_CH_SEQ_BEFORE); LOGP(DRR, LOGL_INFO, " before: hopping required and " "frequency channel sequence available\n"); - if (*lv + 1 > sizeof(cdb->freq_seq_lv)) { + if (len + 1 > sizeof(cdb->freq_seq_lv)) { LOGP(DRR, LOGL_ERROR, "Error: no LV space!\n"); return -ENOMEM; } - memcpy(&cdb->freq_seq_lv, lv, *lv + 1); + cdb->freq_seq_lv[0] = len; + memcpy(&cdb->freq_seq_lv, v + 1, *v); } else if (cda->mob_alloc_lv[0]) { LOGP(DRR, LOGL_INFO, " before: hopping required and " @@ -4348,16 +4355,19 @@ static int gsm48_rr_rx_hando_cmd(struct osmocom_ms *ms, struct msgb *msg) /* cell channel description */ if (TLVP_PRESENT(&tp, GSM48_IE_CELL_CH_DESC)) { - const uint8_t *lv = TLVP_VAL(&tp, GSM48_IE_CELL_CH_DESC) - 1; + const uint8_t *v = TLVP_VAL(&tp, GSM48_IE_CELL_CH_DESC); + uint8_t len = TLVP_LEN(&tp, GSM48_IE_CELL_CH_DESC); LOGP(DRR, LOGL_INFO, " both: using cell channel description " "in case of mobile allocation\n"); - if (*lv + 1 > sizeof(cdb->cell_desc_lv)) { + if (len + 1 > sizeof(cdb->cell_desc_lv)) { LOGP(DRR, LOGL_ERROR, "Error: no LV space!\n"); return -ENOMEM; } - memcpy(&cdb->cell_desc_lv, lv, *lv + 1); - memcpy(&cda->cell_desc_lv, lv, *lv + 1); + cdb->cell_desc_lv[0] = len; + memcpy(&cdb->cell_desc_lv + 1, v, len); + cda->cell_desc_lv[0] = len; + memcpy(&cda->cell_desc_lv + 1, v, len); } else { /* keep old */ memcpy(&cdb->cell_desc_lv, &rr->cd_now.cell_desc_lv, |